WTH - Why no SSO support? (SAML, OAuth2)

It seems to me as though lots of users of Home Assistant are also into the Homelabbing scene. As such, many have things like Active Directory, Authelia, Keycloak, etc. set up for doing authentication. I know doing LDAP is possible via the command line auth provider, but trying to use SSO currently requires a custom component using a reverse proxy. It would be nice if HA had SAML or OAuth2 directly implemented for those users.

I have a Keycloak instance myself, and it definitely would be nice if HA natively supports SAML, OAuth2/OIDC.

The custom component works, but it would only work if I connect through a reverse proxy, which means I can’t use this with Home Assistant Cloud (Remote UI). Native SAML/OIDC would probably work, if the user configures the redirect URL appropriately (both local URL and Remote UI URL).

I also noticed there has been work in adding OAuth/OIDC support, but the PRs have been closed:


How did you make it work with Keycloak? I am trying to achieve that without bypass login.

https://next-auth.js.org/ makes authentication easy. Essentially apps implement nextauth for their user management and then nextauth will allow users to select from pretty much any single sign on provider you can think of (Google, GitHub, self-hosted Authentik/Keycloak etc).

This way the devs for HA don’t need to keep messing around with implementing the latest user management systems since nextauth will just provide that automatically.

Linkwarden is an example OSS app that uses nextauth for SSO.